Separate names with a comma.
Discussion in 'General Discussion' started by elleryjh, Apr 28, 2003.
What are the pros and cons to running suexec with php and cgi? Are there any security concerns?
from a security pov there are several pro points
mail gets sent out as email@example.com rather than firstname.lastname@example.org so there less work to do as you do not have to compare the apche logs w/the exim logs to see what generated the mail
You can have tighter permissions as each php/perl file is read / written by its specfic owner rather than the generic nobody user
You can enforce resource limitations such as memory consumption / cpu usage on a per site basis (e.g. a a busier site may have higher resource limits and a not-so-busy site may have a lower one) so that a badly written script can't disrupt everyone sites which maybe hosted on the same server
Cons are that some php stuff don't work when its running as cgi (e.g. using php_value type stuff in a .htaccess)
You may initally encounter some problems with ownership/permission issues however error_log and suexec_log are very helpful with this (you may however wish to keep a eye on the size of suexec_log)
cgi suexec a must to have
phpsuexec still experimental , avoid it ! Use instead
php safe mode on .
I've been using phpsuexec for a month or two now, and it's great! I noticed the CPU usage going up a notch, though. Not sure how much of that is related to phpsuexec.
Sorry but can you explain why it's great ?
Well, it worked as expected and better. First, the fact that PHP runs as the account user adds heavily to security. Just yesterday a buggy user script started mailing messages like crazy and I was able to determine which account it belonged to right away, instead of seeing "nobody" as the sender. You can also check if a script is using too much CPU or running for too long through top or ps.
Also, the account scripts can have restrictive permissions (as restrictive as 400!) and run just fine, protecting them from other users in the same server. They don't even have to have execute permissions as I first thought. Suexec also does some extra security checks, like running scripts which do not belong to the user, which have world-write perms or are inside world-writeable directories. And the data files those scripts use can have safe access modes as well, protecting sensitive information like database passwords or credit card numbers.